В статье показан конфиг небольшого сервера Nginx с PHP 8.4 (и выше) и MySQL 9.1.
Конфиг php_fpm.conf
; php-fpm configuration: a single dynamic pool ("www") that Nginx reaches
; over a Unix domain socket.

[global]
pid = /var/run/php-fpm.pid
; The FPM master writes its own log next to the Nginx logs.
error_log = /var/log/nginx/php-fpm.log
; kqueue is the BSD kernel event notification mechanism.
events.mechanism = kqueue

[www]
; Workers run under the unprivileged "www" account, the same account
; nginx.conf sets with "user www;".
user = www
group = www

; NOTE(review): /tmp is normally writable by every local account. While the
; socket is absent (before FPM starts, or after a crash) another local process
; can create a file at this path. A directory writable only by root, such as
; /var/run, is the safer home for the socket. The path is repeated in
; nginx.conf and in each vhost file, so all of them have to change together.
listen = /tmp/php-fpm.sock
; Only owner and group (www:www) may connect to the socket; no access for others.
listen.owner = www
listen.group = www
listen.mode = 0660

; Dynamic process manager: 8 workers at start, between 2 and 15 kept idle,
; never more than 32 in total.
pm = dynamic
pm.max_children = 32
pm.start_servers = 8
pm.min_spare_servers = 2
pm.max_spare_servers = 15

; Environment passed to the workers: a fixed PATH and /tmp as temporary directory.
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Конфиг nginx.conf
# Main Nginx configuration: process settings, dynamic modules, shared HTTP
# options and the list of virtual hosts.

user www;
worker_processes 5;
pid /var/run/nginx.pid;
error_log /var/log/nginx/errors.log warn;

# Load dynamic modules.
# NOTE(review): the ModSecurity module is only loaded here. No "modsecurity on;"
# or "modsecurity_rules_file" directive appears in the configs shown, so unless
# it is enabled elsewhere the WAF inspects nothing. Confirm.
load_module /usr/local/libexec/nginx/ndk_http_module.so;
load_module /usr/local/libexec/nginx/ngx_http_iconv_module.so;
load_module /usr/local/libexec/nginx/ngx_http_image_filter_module.so;
load_module /usr/local/libexec/nginx/ngx_http_modsecurity_module.so;
load_module /usr/local/libexec/nginx/ngx_http_xslt_filter_module.so;

events {
    use kqueue;
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Keep the Nginx version out of the Server header and error pages.
    server_tokens off;

    sendfile on;
    keepalive_timeout 65;
    gzip off;

    # Upper bound for request bodies (uploads).
    client_max_body_size 20M;

    # PHP-FPM backend.
    # NOTE(review): the vhost files shown do not reference this upstream; they
    # repeat the socket path in fastcgi_pass. Using "fastcgi_pass fpm;" there
    # would keep the path in one place.
    upstream fpm {
        server unix:/tmp/php-fpm.sock;
    }

    # Include virtual host configs.
    # NOTE(review): a non-wildcard include must exist on disk or Nginx refuses
    # to start. The article titles the files vhosts/site1.conf and
    # vhosts/site2.conf, so check that the names match.
    include vhosts/site1.ru.conf;
    include vhosts/site2.ru.conf;
    include vhosts/site3.ru.conf;
}
Файл vhosts/site1.conf. Дефолтный конфиг виртуального хоста для сайта на CMS Joomla
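# Plain-HTTP listener: permanently redirect every request to HTTPS.
# NOTE(review): this server_name differs from the site1.ru used in the
# certificate paths, and the HTTPS server below declares no server_name at all.
# With several name-less servers on port 443 only the first one loaded receives
# traffic. Confirm the intended host names.
server {
    listen 80;
    server_name fbsd.site;
    return 301 https://$host$request_uri;
}

# HTTPS virtual host for the Joomla site.
server {
    # Certificate and TLS settings maintained by Certbot (Let's Encrypt).
    listen 443 ssl; # managed by Certbot
    ssl_certificate /usr/local/etc/letsencrypt/live/site1.ru/fullchain.pem; # managed by Certbot
    ssl_certificate_key /usr/local/etc/letsencrypt/live/site1.ru/privkey.pem; # managed by Certbot
    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Was "utf8-r", which is not a charset name; Nginx copies the value
    # verbatim into the Content-Type header.
    charset utf-8;
    autoindex off;
    error_log /var/log/nginx/site1.ru-errors.log error;

    root /usr/local/www/site1.ru;
    index index.php index.htm index.html;

    # Add X-Content-Type-Options to responses so browsers do not MIME-sniff.
    add_header X-Content-Type-Options nosniff;

    # Restrict the admin panel to the listed addresses.
    # "^~" is required: with a plain prefix location Nginx still evaluates the
    # regex locations, so every /administrator/*.php request was handled by
    # "location ~ \.php$" below and the allow/deny list was never applied to it.
    # Because "^~" switches the server-level regex locations off for this
    # prefix, PHP handling and the script ban for writable directories are
    # repeated inside; without the nested PHP location the .php files would be
    # returned as plain text. The nested locations inherit allow/deny.
    location ^~ /administrator/ {
        allow xxx.xxx.xxx.xxx/32;
        allow yyy.yyy.yyy.yyy/32;
        deny all;

        location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
            return 403;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/tmp/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include fastcgi_params;
        }
    }

    # Support API
    location /api/ {
        try_files $uri $uri/ /api/index.php?$args;
    }

    # Support clean (search-engine-friendly) URLs
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Deny running scripts inside writable directories.
    # Must stay above "location ~ \.php$": regex locations are tried in order.
    location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        return 403;
        error_page 403 /403_error.html;
    }

    # Hand PHP scripts to PHP-FPM.
    location ~ \.php$ {
        # Only pass scripts that exist on disk to the interpreter.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location = /robots.txt {
        access_log off;
        log_not_found off;
    }

    # Never serve .htaccess / .htpasswd files.
    location ~ /\.ht {
        deny all;
    }

    # Browser caching of static files
    location ~* \.(ico|pdf|flv)$ {
        expires 1y;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
        expires 14d;
    }
}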
Файл vhosts/site2.conf. Дефолтный конфиг виртуального хоста для сайта на CMS WordPress
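# Plain-HTTP listener: permanently redirect every request to HTTPS.
# NOTE(review): the Joomla vhost on this page declares the same server_name on
# port 80, and Nginx warns about conflicting server names when both are loaded.
# The HTTPS server below has no server_name. Confirm the intended host names.
server {
    listen 80;
    server_name fbsd.site;
    return 301 https://$host$request_uri;
}

# HTTPS virtual host for the WordPress site.
server {
    # Certificate and TLS settings maintained by Certbot (Let's Encrypt).
    listen 443 ssl; # managed by Certbot
    ssl_certificate /usr/local/etc/letsencrypt/live/site2.ru/fullchain.pem; # managed by Certbot
    ssl_certificate_key /usr/local/etc/letsencrypt/live/site2.ru/privkey.pem; # managed by Certbot
    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Was "utf8-r", which is not a charset name; Nginx copies the value
    # verbatim into the Content-Type header.
    charset utf-8;
    autoindex off;
    error_log /var/log/nginx/site2.ru-errors.log error;

    root /usr/local/www/site2.ru;
    index index.php index.htm index.html;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Front-end features of themes and plugins call admin-ajax.php on behalf of
    # ordinary visitors, so it stays reachable from any address. It was already
    # public before, because the IP list below was never applied to .php
    # requests.
    location = /wp-admin/admin-ajax.php {
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }

    # Restrict the admin panel to the listed addresses.
    # "^~" is required: with a plain prefix location Nginx still evaluates the
    # regex locations, so every /wp-admin/*.php request was handled by
    # "location ~ \.php$" below and the allow/deny list was never applied to it.
    # PHP handling is repeated inside because "^~" switches the server-level
    # regex locations off for this prefix. The nested location inherits
    # allow/deny.
    # NOTE(review): /wp-login.php lives outside /wp-admin/ and is not covered
    # by this list. Decide whether the login form should get the same
    # restriction.
    location ^~ /wp-admin/ {
        allow xxx.xxx.xxx.xxx/32;
        allow yyy.yyy.yyy.yyy/32;
        deny all;

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/tmp/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            include fastcgi_params;
        }
    }

    # Do not execute scripts from the upload directory, matching the
    # writable-directory rule in the Joomla vhost on this page.
    # Must stay above "location ~ \.php$": regex locations are tried in order.
    location ~* /wp-content/uploads/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
        return 403;
    }

    # Hand PHP scripts to PHP-FPM.
    location ~ \.php$ {
        # Only pass scripts that exist on disk to the interpreter.
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }

    # Never serve .htaccess / .htpasswd files (same rule as the Joomla vhost).
    location ~ /\.ht {
        deny all;
    }

    # Long-lived browser caching for static assets
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}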